Forwarded From: phreak moi <hackerelitet_private>

http://www.wired.com/news/news/politics/story/15643.html

Cyber Terror Arsenal Grows
by Niall McKay
8:32 a.m. 16.Oct.98.PDT

When Federal agents raided the home of an 18-year-old cracker in Irvine, California, this past summer, they were looking for a cyber terrorist.

"The FBI woke me up with a gun to my head one morning," said the cracker, who calls himself Chameleon. "We sat for seven hours being interrogated while they were going through my computer stuff."

Agents suspected the youth of selling US military secrets to Khalid Ibrahim, believed to be a member of the Pakistani terrorist group Harkat-Ul-Ansar.

"I went to my post-office box one morning, and there was US$1,000 with a number to call in Boston," said Chameleon.

Chameleon, who spoke to Wired News on the condition of anonymity, said that while he did cash the check from Ibrahim, he considers himself a computer enthusiast, not a terrorist. Ibrahim was allegedly seeking maps of US government computer networks that Chameleon had obtained on his travels through the Net.

"But I never called and I didn't pass any information to Ibrahim," he said.

A Job For NIPC

Chameleon's case, which was confirmed by the FBI, is tailor-made for the newly established National Infrastructure Protection Center. NIPC is designed to fend off threats to the nation's banks, transportation networks, power and water resources -- and, in Chameleon's case, military networks.

By employing the collective muscle of several intelligence and law enforcement agencies, NIPC (pronounced "nip-see") can conduct investigations that would normally be beyond the scope of a single agency.

For example, in Chameleon's case, NIPC may have asked the CIA to gather information on Ibrahim overseas, dispatched FBI agents to keep him under surveillance at home, then have its own computer analysts monitor and analyze Internet data.
Security experts warn that there is a clear distinction between kids that crack Web sites for fun and cyber terrorists trying to cause serious damage. But for Michael Vatis, an associate director of the FBI who's serving as NIPC's director, the distinction is irrelevant.

"The trouble is that when an attack occurs we have no way of knowing if this is a kid in middle America or a serious foreign threat," said Vatis. "Whether [the attacks] come from a disgruntled employee, a hacker trying to show his skills, or an information warrior trying to get access to sensitive military information, we are here to prevent attacks on the nation's infrastructure."

Vatis would not comment on any case under investigation by NIPC.

Chameleon wasn't as reticent, however. In his account on the computer security site AntiOnline, he said that the FBI had been watching his house, tapping his phone, and monitoring his Internet connections for months.

Chameleon said that federal agents even had transcripts of Internet chat conversations between him and Ibrahim, who is allegedly based in New Delhi, India.

The Big Stick

Attorney General Janet Reno established NIPC in February with $US64 million from Congress. With NIPC growing fast, Vatis is seeking additional funding in this year's budget.

When fully staffed, NIPC will employ 125 at the FBI headquarters in Washington, and another 300 to 400 around the country. The center will also run a multimillion dollar computer system that will house a massive national infrastructure security database.

While full details of the database are not available, the FBI outlined plans last March to establish InfraGuard, an intrusion detection reporting program. Institutions and private companies can use the program to report security incidents to the FBI.

The center will also serve as the nation's security adviser, instructing both government and private institutions on security and software purchases, according to Vatis.

"We need to be able to communicate in real time with other agencies and we need to be capable of sophisticated analysis and display of information," Vatis said.

While NIPC's underlying strength may be its ability to tap into the resources of the nation's intelligence and law enforcement agencies, it will also work closely with private industry.

"At least half of our staff will come from the Secret Service, National Security Agency, CIA, NASA, Department of Defense, state and local law enforcement, Department of Treasury, Department of Energy, and the Department of Transportation," said Vatis. "We will also be backed up with equipment and expertise from the Lawrence Livermore National Labs."

The center can mobilize staff from any of these agencies to respond to a cyber terrorism threat and have a message on the President's desk within 10 minutes, Vatis said.

"The president is totally supportive of what we are trying to achieve here," said Vatis.

An Ounce of Prevention

Vatis is on call 24 hours a day. Should a cyber attack be reported by a local FBI field office or detected by NIPC, he will coordinate the mobilization and deployment of the response team. But the point is still to prevent an attack, not respond to one.

"We try to detect attacks before they occur, analyze the information, and alert the victim," said Vatis. "We don't have the ability to counterattack. That would typically be a task for the other bodies, such as the army or air force."

NIPC also helps guard against a variety of real-world threats to the national infrastructure, ranging from biological warfare to terrorist attacks.

"There is a broad range of responsibilities but we are focusing on the cyber attacks," Vatis said.

The Department of Defense reports that its Web sites experience in the neighborhood of 60 cyber attacks every week. However, many believe that this figure is conservative.
In a recent speech at the Georgia Institute of Technology in Atlanta, CIA Director George Tenet said that in 1995 alone the Defense Department had been attacked 250,000 times.

Others think that the 1995 figure is inflated. Until recently, for example, the government is believed to have classified routine requests to open telnet connections -- the network equivalent of knocking on a locked door -- as "attacks."

"Unfortunately, cyber threats are a difficult intelligence target," Tenet said. "They are cheap, they require little infrastructure, and the technology required is dual use. In short they are exceptionally easy to conceal."

Lying in Wait

One Department of Defense site, the Naval Surface Warfare Center, is attacked about 40 times per week, according to Stephen Northcutt, the center's head of intrusion detection.

"If we really want to catch the people attacking our sites we need to employ some pretty sophisticated Internet forensics," said Northcutt, who will visit NIPC's headquarters next week.

In practice, this process would involve installing surveillance sensors on high-profile Web sites that are commonly targeted by crackers. That information could be stored and later analyzed.

"If a bank is robbed at 2 p.m., the police will go back and examine the videotape and see who had been casing the joint that morning," said Northcutt. "Well, it's the same with the Internet. When a hacker breaks into a site and steals information, it's likely that he has been in casing the joint before."

But Net surveillance is a daunting task. In Ibrahim's case, for example, it is believed that he is based in India because he appears to be accessing the Internet using an ISP in New Delhi. But experts point out that he could be based anywhere and gaining access through a pirated Internet account.

Crackers commonly trade information on these pirated Unix shell accounts through Internet Relay Chat channels.
Chameleon Changes His Color

In the meantime, Chameleon has not been charged with any crime, and has since put down his hacking tools to become a security consultant.

"I was in the wrong place at the wrong time," he said. "If it was to happen again I would hand the money over to the FBI. But I needed to grow up, I guess."

John Vranesevich, a security specialist and founder of AntiOnline, welcomes NIPC but suggests that the government should create awareness campaigns about the dangers of cracking in the same way it conducts drug awareness campaigns.

"Some of these guys that are hacking the Pentagon's Web site are just kids and it's a game to them," said Vranesevich. "Chameleon is a talented programmer and I don't believe he knew that he would get caught up with terrorists."

Members of The L0pht, a Boston-based group of network security specialists, agree.

"NIPC seems like a good idea really," said a L0pht member calling himself Space Rogue. "I am actually surprised that a major cyber attack has not already taken place."

But Space Rogue also accuses Washington of indulging in unwarranted hysteria.

"There are two [Internet] buzzwords in government right now: pedophile and terrorist.

"And any law or any measure taken against these two groups seems to be condoned by the public," he said. "It's the '90s equivalent of McCarthy's stand against communism. We need to distinguish between hackers and cyber terrorists."